Bangalore, IND
8 days ago
Identity & Access Management Architect – Directory Services & Authentication
**Work Schedule** Standard Office Hours (40/wk)

**Environmental Conditions** Office

**Job Description**

We are seeking a seasoned **IAM Architect** with deep expertise in **on-premises Windows Active Directory** and enterprise authentication systems. This role will drive the design, integration, and strategic direction of Directory Services and IAM solutions across the organization, ensuring secure and resilient access to critical systems.

The ideal candidate has hands-on experience architecting and managing **Windows-based identity platforms**, along with a good grasp of security principles, authentication protocols, and identity governance. This position plays a key role in shaping our hybrid IAM landscape while modernizing legacy infrastructure.

**Key Responsibilities**

+ Lead the architecture and roadmap for **Active Directory**, directory services, and enterprise authentication platforms.
+ Design and guide the implementation of **secure LDAP, SSO**, and **federation** across internal and external systems.
+ Drive adoption of **multi-factor authentication (MFA)** and **password-less authentication** strategies across enterprise environments.
+ Ensure IAM solutions align with **enterprise security policies**, regulatory standards, and architectural governance.
+ Collaborate closely with teams in **cybersecurity, infrastructure, and application development** to embed IAM controls and capabilities.
+ Evaluate tools and vendors for directory services, identity provisioning, and access management.
+ Define technical standards, patterns, and operational procedures for IAM services.
+ Partner with customers across the business to communicate IAM strategy and promote identity maturity.

**Qualifications**

+ **Bachelor’s or Master’s degree** in Computer Science, Information Systems, or a related field.
+ **10+ years of IT experience**, including **5+ years of hands-on experience with on-premises Active Directory design, management, and security**.
+ Expert knowledge of **Group Policy, Kerberos, NTLM, DFS, Sites and Services, domain trusts**, and **AD replication**.
+ Deep understanding of **LDAP, secure LDAP (LDAPS), SAML, Kerberos**, and **SSO** integrations.
+ Experience working in hybrid identity environments (on-prem AD + Azure AD / ADFS integration).
+ Solid understanding of IAM architecture, authentication flows, and enterprise identity lifecycle management.
+ Excellent troubleshooting, documentation, and customer communication skills.
+ **Preferred certifications**:
  + **Microsoft Certified: Identity and Access Administrator Associate (SC-300)**
  + **Microsoft Certified: Windows Server Hybrid Administrator Associate**
  + **Microsoft Certified Solutions Expert (MCSE): Core Infrastructure** _(legacy but valuable)_

**What We Offer**

+ A chance to define and lead the **core identity infrastructure** of a global enterprise.
+ Work on challenging problems in **enterprise AD, authentication, and access governance**.
+ Competitive compensation, flexible work options, and professional development support.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.